DETAILED ACTION

1. This correspondence is in response to REMARKS filed on 05/11/2009.

2. Claims 12 and 25 are amended. 

3. Claims 10-12, 14, 17 and 20-25 are pending.

Response to Arguments 

4. Applicant's arguments with respect to pending claims have been considered but are moot in view 
of the new ground(s) of rejection. 

/* Examiner's Note: From applicant's argument, examiner has realized that he has incorrectly
equated the 1st, 2nd and 3rd elements of Claims 10 and 22 with elements of the primary reference,
Bahl. Therefore, examiner has corrected his mistake, but maintains that the claims are obvious 
over the prior arts combination. For example, as applicant admitted, Bahl discloses a secured 
connection (SA) between the mobile and correspondent host; and then 'migrates' (or duplicates) 
the connection (or secured SA) to a 'new mobile host address'. With broadest but reasonable 
claim interpretation, examiner argues that the 'new mobile host address' is acting as the claimed 
'third network element.' In addition, examiner respectfully disagrees with applicant's argument that the
combined references fail to disclose the claimed 'replacing the second element in response to
detecting failure', because Colie cures the deficiency of Bahl by expressly disclosing transferring 
network services to a backup device in response to failure of primary network device. Therefore, 
the rejection is maintained. 

The rejection of Claim 12 is repeated because examiner maintains that, with broadest but
reasonable claim interpretation, the combined references disclose the claimed invention. For 
example, Bahl discloses Access Points and nodes (mobile or correspondent), such that 
connection (or SA) is not dependent on destination address. 
Obviously, Colie discloses information (commands) sharing (see at least FIGS.3 and 4. In
addition, it is not disputed that Colie discloses plurality of network servers) */ 

Claim Rejections - 35 USC § 103 
5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 10-12, 14, 17 and 20-25 are rejected under 35 U.S.C. 103(a) as being unpatentable over Bahl
et al. (US 7,020,464 B2 - "Bahl") in view of Colie et al. (US 6,108,300 - "Colie")

As per Claim 10, Bahl teaches,

A method for maintaining secure network connections, the method comprising: duplicating [see 
'migrating' in abstract; and for example, col.2, lines 39-45], at the third network element [see FIG. 6; 
'new mobile address' in abstract; and for example, col.6, lines 35-54. See also 'computer-readable 
medium' in Claim 1, which 'handles address change of a mobile host communicating with a
correspondent'], a security association [see for example Security Associations 86 and 84 in FIG.2; and
see also IPSEC/ISAKMP SAs in FIG. 3] associated with a secure network connection between a first
network element [see for example Mobile Host 70 and 120 in FIGS.2 and 3, respectively] and a second 
network element [see for example Correspondent Host 72 and 122 in FIGS.2 and 3, respectively], 
wherein a lookup of the security association associated with the secure network connection [see FIG.2] 
is not dependent on any destination address [see for example, col.11, lines 45-47: "All traffic over the
"migrated" connection now uses the new IP address of the mobile host and is secured using the same 
security association context as before." In other words, Bahl expressly discloses not changing the SA 
lookup when a mobile host changes from old to new address. Additionally, Bahl discloses 'secured 
control channel 96'; and SA end points that are not dependent on any destination address; see for 
example, FIGS.2, 4A and 4B], wherein the secure network connection between the first network element
and the third network element is based on the duplicated security association [see for example, col.2, 
lines 39-45; col.6, lines 33-34 and col.6, lines 44-47]. 

As shown above, Bahl migrates (or duplicates) SA at the new mobile address [see abstract and
Claim 1]; however, Bahl is silent about the third network element as being a server, and replacing the 
second network element with the third network element in the secure network connection with the first 
network element in response to detecting failure of the second network element. However, in the same 
field of endeavor, Colie teaches a third network element [see Backup Network Device 120 in FIG.1],
and replacing the second network element with the third network element in the secure network 
connection with the first network element in response to detecting failure of the second network element 
[see abstract and FIG.1 - where Colie discloses transferring network services to a backup network 
device when a primary network device fails]. Therefore, it would have been obvious to a person having 
ordinary skill in the art, at the time applicant's invention was made, to modify the system of Bahl by
incorporating the teaching of Colie in order to prohibit network failure by replacing a failed device with a backup
network device [see at least abstract of Colie].

As per Claim 12, Bahl-Colie combination teaches,

A method for maintaining secure network connections, the method comprising: configuring a 
plurality of security gateways [Access Point 156 in FIG.3 - Bahl discloses 156 as access points; see for 
example, col.8, lines 51-61. See also at least FIGS.3 and 4 of Colie] such that a lookup of security
associations is not dependent on any destination address [see for example, col.2, lines 39-45; col.6, lines
33-34 and col.6, lines 44-47 of Bahl]; and sharing a security association [see Security Associations 86
and 84 in FIG.2; and see also IPSEC/ISAKMP SAs in FIG.3 of Bahl] among the plurality of security
gateways [see FIGS.1 and 2; and for example, col.5, lines 16-19 - where Bahl discloses one or more
correspondent hosts. See also Server 112a and 112b FIG.1 of Colie].



As per Claim 22, Bahl-Colie combination teaches,

A first security server comprising: a transceiver [see for example, col.8, lines 51-67 - where Bahl
discloses DHCP server] to receive information relating to at least one security association [see Security
Associations 86 and 84 in FIG.2; and see also IPSEC/ISAKMP SAs in FIG. 3 of Bahl] of a secure
network connection [see secured control channel 96 in FIG.2 of Bahl] between a mobile client [MH of
Bahl] and a second security server [access points of Bahl]; and a processor module to: monitor operation
of the second security server; in response to detecting failure of the second security server [see Primary
Network Device 110 in FIG.1 of Colie], send a message to the mobile client [see Client in FIG.1 of
Colie] that the first security server [see Backup Network Device 120 in FIG.1 of Colie] is taking over the 
secure network connection [see abstract of Colie]; and communicate with the mobile client using the at 
least one security association over the secure network connection between the first security server and 
the mobile client [see abstract and FIGS.2-5 - where Bahl discloses communicating between the MH and 
CH/or access points/ is based on security associations]. 

As per Claim 11, Bahl-Colie combination teaches,

sending at least one secure message from the third network element to the first network element 
to notify the first network element that the secure network connection will be taken over by the third 
network element [see abstract and FIG.1 of Colie]. 

As per Claim 14, Bahl-Colie combination teaches,

wherein a lookup of security associations is not dependent on any destination address [see 
FIGS.4A and 4B - where Bahl discloses SA end points that are not dependent on any destination 
address]. 

As per Claim 17, Bahl-Colie combination teaches,

wherein communications between the mobile client and the first security server are based on a 
security architecture for the internet protocol (IPsec) [see IPSEC SAs in FIG. 3; and for example, col. 8,
lines 26-50]. 
Claim 25 is rejected for the same reasons applied to the rejection of Claim 17.

As per Claim 20, Bahl-Colie combination teaches,

during life of the secure network connection between the first and second network elements, the 
third network element receiving information relating to the security association of the secure network 
connection from the second network element [see FIGS.2-4B of Bahl]. 

As per Claim 21, Bahl-Colie combination teaches,

wherein the first network element is a mobile client [see MH in FIGS.2 and 3 of Bahl; and Client 
in FIG.1 of Colie], and the second and third network elements are security servers [Bahl discloses 
access points and DHCP server. See also FIG.1 of Colie where network elements are disclosed as 
servers]. 

Claim 23 is rejected for the same reasons applied to the rejection of Claim 21.

As per Claim 24, Bahl-Colie combination teaches,

wherein information relating to the at least one security association is duplicated at the first and 
second security servers [see for example, col.2, lines 39-45; col.6, lines 33-34 and col. 6, lines 44-47 of 
Bahl]. 

CONTACT INFORMATION 
6. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to AMARE TABOR whose telephone number is (571)270-3155. The examiner can normally 
be reached on Mon-Fri 8:00a.m. to 5:00p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Kambiz Zand can be reached on (571) 272-3811. The fax phone number for the organization where this
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative 
or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or
571-272-1000.



Amare Tabor 
(AU 2434) 

/Farid Homayounmehr/ 



